Chrome 62
Google this week released Chrome 62 for Windows, macOS and Linux, setting the stage for a new warning when users enter data on an unencrypted website and patching nearly three dozen security vulnerabilities.
Chrome updates in the background, so most users can simply relaunch the browser to get the latest version. (To manually manage an update, select "About Google Chrome" from the Help menu under the vertical ellipsis at the upper right. The ensuing page either shows the browser has been updated or displays the download-upgrade process before presenting a "Relaunch" button.) New to Chrome? It can be downloaded from this Google site.
The Mountain View, Calif. company updates Chrome every six to seven weeks; the last time it upgraded the browser, to version 61, was Sept. 6, or just under six weeks before its Tuesday refresh.
Version 62, like most of Chrome's upgrades, hands over few if any obvious-at-a-glance changes. An exception this time: Chrome 62 is now ready to alert users that a site is insecure if it a) isn't encrypted with a digital certificate and b) the user starts to fill out any form field on the page. Also set to receive warnings are all pages viewed in Chrome's "Incognito" mode, the browser's no-tracks session. In those scenarios, users will see the text "Not Secure" at the far left of the address bar.
The feature is "now ready" because as of Friday, Google had not switched on the alert. That wasn't a surprise: Google typically tests a new feature with a small fraction of the total Chrome user base before remotely enabling the feature for all users. Assuming that feedback and Google's own telemetry point to zero problems, it will flip a flag and the warnings will appear.
Those who want to see the warning immediately should enter chrome://flags in the address bar, search for and find the entry "Mark non-secure origins as non-secure," and change the entry in the drop-down list from "Default" to "Warn on HTTP while in incognito mode or after editing forms."
The Not Secure warning is the latest step in an extended process that Google has aggressively implemented - mainly using Chrome, but with other services in its stable, too, like Gmail - to pressure all sites to encrypt their traffic. Chrome already sounded the alarm when an unencrypted site accepted passwords or credit card information; 62 is the next in the planned progression.
Eventually, Chrome will show the Not Secure notice on every HTTP page.
Also on the Chrome 62 change list are support for OpenType variable fonts, which compact multiple font sizes and styles in a single package, giving site designers more flexibility in crafting attractive pages; and support for an expanded Network Information API (application programming interface) that provides connection performance metrics from the browser, a useful tool for web app developers creating software suitable for a variety of speeds.
Included in Chrome 62 are patches for 35 security vulnerabilities, a fifth of which were rated "High," Google's second-most-serious ranking. The firm paid out just over $40,000 in bug bounties to security researchers for reporting the vulnerabilities.
The next upgrade, Chrome 63, should reach users the week of Dec. 3-9, according to Google's release calendar.
Google
Chrome automatically downloads its latest update in the background, then refreshes itself the next time it's launched.